Assessment Reports

Assessment report can be presented to the customer with a summary of their overall risk score based on the latest scan, along with simple charts & pointers to highlight the problem areas.

Assessment Report - For the PDF report explanation please refer to the below document.

 

  • The PPT report showcases the Computer Level Risk Score, Vulnerability Summary, Vulnerability Trending, Security Report Card, Compliance Report Card, and Compliance Summary.

Company Level Risk Score - This section showcases the Risk score and Vulnerability Summary. The vulnerability summary shows how many are Critical, High, Medium, and Low.

Vulnerability Assessment - This section showcases the total count of the Vulnerabilities with Critical, High, Medium, and Low.

Critical vulnerabilities require immediate attention. They are relatively easy for attackers to exploit and may provide attackers with full control of the affected systems.

High-severity vulnerabilities are easy to exploit and may provide access to affected systems.

Medium vulnerabilities often provide information to attackers that may assist them in mounting subsequent attacks on the network. These should also be fixed in a timely manner but are not as urgent as the Critical and High vulnerabilities.

Low Vulnerabilities - These should also be fixed in a timely manner but are not as urgent as the other vulnerabilities.

  • Executive Risk Summary - This section showcases the Number of assets discovered, the Number of Vulnerable assets, Enabled Computers, Disabled Computers, Enabled Users, Disabled Users, Total Users, Total Groups, Empty Groups, Non-Empty Groups, Total GPOs, Empty OUs, Non-Empty OUs, and Total OUs.

    Vulnerability Summary - A vulnerability assessment is a process of defining, identifying, classifying, and prioritising vulnerabilities in computer systems, and network infrastructures and providing the organisation doing the assessment with the necessary knowledge, awareness, and risk background to understand the threats to its environment to react & remediate appropriately.

  • Vulnerability Trending - A Vulnerability Trending is based on the Vulnerabilities on a per day across last 30 days.

  • Security Report Card - In today’s time end-users have become a prime target for cybercriminals. But the real tangible target is the end-user’s workstation, and organisations would be remiss not to regularly validate the security of their endpoints. To close the gap, we have developed an endpoint assessment methodology that accounts for each area of the attack. The identification of vulnerabilities and gaps in security controls that may have gone unnoticed will assist you in tuning detection or protective controls to handle user activities. Associated remediation efforts will enhance incident response capabilities and further strengthen your overall security posture.

This section showcases the Failed Logins, System Ageing, Network Vulnerabilities, Antivirus status, Local Firewall status, Supported OS, and Insecure Listening Ports parameters.

Compliance Report Card - This section showcases additional compliances like LLMNR, SMB Signing, NTLMV1, SMBV1 client, NBTNS, and SMBV1 server.

Compliance Summary - This section showcases the number of assets that are Compliant, Non-Compliant, or Compliance Not Applicable to them. CyberCNS helps look at different Compliance controls like CIS, HIPAA, CIS 8.0, GPG 13, NIST 800 53, GDPR IV, CyberEssentials, ISO 27002, Essentials Eight, NIST 800 171, HIPAA, and PCI DSS.

  • The DOC report showcases the Executive Risk Summary which contains the Asset Summary, Vulnerability Summary, and Active Directory Summary, Company Level Risk Score, Vulnerability Assessment, Operating System Breakdown which includes all the OS available along with the Asset count, Security Report Card which includes Antivirus / Anti-spyware, Local Firewall, Insecure Listening Ports, Failed Logins, Network Vulnerabilities, System Aging, and Supported OS along with the Asset Count and Description, Compliance Report Card which includes LLMNR, NBTNS, NTLMV1, SMBV1 server, SMBV1 Client, SMB Signing along with with the Asset Count and Description, Compliance Summary which includes all the Compliance and displays the count of each Compliance with Compliant, Non-Compliant, and Not Applicable, Top 5 missing matches which include all the Vulnerabilities available along with Asset Count with Severity, Top 5 Vulnerabilities with Asset count, Password Policy Summary which includes Password history not remembered, Maximum password age, Password length less than 8 characters, and Inconsistent password policy.

 

  • The PPT report showcases the details about Antivirus, Disk Storage, Vulnerability Breakdown Across Operating Systems, Patch Status, Disk Encryption, Top Assets with Vulnerabilities, Top Assets with High Vulnerabilities, Vendor wise breakdown of assets, and Device wise Breakdown assets.

Risk Score Grade - Selected Company’s grade is based on the average risk score across all sites.

Antivirus - This has three states - Installed, Not Installed & Installed but Not up to date.

Disk Encryption - This has three states - Encrypted, Not Encrypted, and Unknown. Here disks are checked for Bit Locker Encryption.

Vulnerability Breakdown - This section showcases the Vulnerability Breakdown across Operating Systems, which shows vulnerabilities across all of the operating systems with the severity as Critical, High, Medium, and Low. The raw data of this report can be seen in the Consolidated Summary Docx report.

  • The DOC report showcases the Executive Summary which includes the Assets, Vulnerabilities across 67 assets, remediation, Application Baseline, Ports, Active Directory computers, Active Directory Users, Active Directory GPOs, and Active Directory Groups. The Security Summary includes the Security Summary, Compliance Summary, Security Report Card, OS Breakdown, Vendor Breakdown, Storage Devices by Disk Space, and Storage Devices by Encryption.

 

  • Consolidated Summary - The PPT report showcases the Vulnerability Overview which contains the Vulnerability Breakdown, Grade of the Company, External Vulnerabilities, Vulnerability Breakdown Across OS, and Top Critical Assets.

Risk Score Grade - Selected Company’s grade is based on the average risk score across all sites.

Vulnerability Breakdown - This section showcases the Vulnerability Breakdown Across Operating Systems which shows all of the operating systems with the severity are Critical, High, Medium, and Low. The raw data of this report can be seen in the Consolidated Summary Docx report.

  • Consolidated Summary Report - The DOC report showcases the Executive Summary which includes the Asset Summary, Vulnerability Summary, Active Directory Summary, OverAll Company Grade, Vulnerability Summary with the count, Network Scan Assessment, Operating System Breakdown, The three dangers of the unsupported operating systems, OverAll Vulnerability Summary, Pending Remediation Summary, Active Directory Non - Compliance, and Active Directory Best Practices for User Accounts.

  • Executive Summary Report - The DOC report showcases the Executive Summary which includes the Asset Summary, Vulnerability Summary, Active Directory Summary, OverAll Company Grade, What is a security risk assessment?, How does a security risk assessment work?, Asset Summary, Your Asset Assessment, Operating System Breakdown, The three dangers of the unsupported operating systems, Vendor Asset Count, Endpoint Assessment which includes Network Scan Assessment, OverAll Vulnerability Summary, Vulnerability Summary By OS, Active Directory Assessment, and Active Directory Best Practices for User Accounts.

  • Security Summary Report - The DOC report showcases the Executive Summary which includes the Assets, Vulnerabilities across 67 assets, remediation, Application Baseline, Ports, Active Directory computers, Active Directory Users, Active Directory GPOs, and Active Directory Groups. The Security Summary includes the Security Summary, Compliance Summary, Security Report Card, OS Breakdown, Vendor Breakdown, Storage Devices by Disk Space, and Storage Devices by Encryption.